
About Backup Techniques for Wireless Controllers

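2012-07-26 10:20

Files deleted by mistake with rm can be recovered with the ext3grep tool. We can also rescue them with debugfs plus dd, which is somewhat more cumbersome than using ext3grep. My experiment is recorded below.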

1. Create a file

[root@wdj data0]# echo "very good" >test.txt

2. Delete the test.txt file

[root@wdj data0]# rm -f test.txt

3. Use the debugfs tool (normally shipped with the distribution) to find the inode of test.txt

[root@wdj data0]# debugfs /dev/sda3

debugfs: ls -d /data0

1760916 (12) . 2 (4084) .. <1760917> (4072) test.txt

The value inside "<>" is the inode number of test.txt; the inode of a deleted entry is shown in "<>".

4. Get the block number from the inode

debugfs: logdump -i <1760917>

Inode 1760917 is at group 54, block 1769476, offset 2560

Journal starts at block 1, transaction 212754

FS block 1769476 logged at sequence 213248, journal block 2253 (flags 0x2)

(inode block for inode 1760917):

Inode: 1760917 Type: bad type Mode: 0000 Flags: 0x0

Generation: 0 Version: 0x00000000

User: 0 Group: 0 Size: 0

File ACL: 0 Directory ACL: 0

Links: 0 Blockcount: 0

Fragment: Address: 0 Number: 0 Size: 0

ctime: 0x00000000 -- Thu Jan 1 08:00:00 1970

atime: 0x00000000 -- Thu Jan 1 08:00:00 1970

mtime: 0x00000000 -- Thu Jan 1 08:00:00 1970

Blocks:

FS block 1769476 logged at sequence 213587, journal block 9249 (flags 0x2)

(inode block for inode 1760917):

Inode: 1760917 Type: bad type Mode: 0000 Flags: 0x0

Generation: 0 Version: 0x00000000

User: 0 Group: 0 Size: 0

File ACL: 0 Directory ACL: 0

Links: 0 Blockcount: 0

Fragment: Address: 0 Number: 0 Size: 0

ctime: 0x00000000 -- Thu Jan 1 08:00:00 1970

atime: 0x00000000 -- Thu Jan 1 08:00:00 1970

mtime: 0x00000000 -- Thu Jan 1 08:00:00 1970

Blocks:

FS block 1769476 logged at sequence 213588, journal block 9305 (flags 0x2)

(inode block for inode 1760917):

Inode: 1760917 Type: bad type Mode: 0000 Flags: 0x0

Generation: 0 Version: 0x00000000

User: 0 Group: 0 Size: 0

File ACL: 0 Directory ACL: 0

Links: 0 Blockcount: 0

Fragment: Address: 0 Number: 0 Size: 0

ctime: 0x00000000 -- Thu Jan 1 08:00:00 1970

atime: 0x00000000 -- Thu Jan 1 08:00:00 1970

mtime: 0x00000000 -- Thu Jan 1 08:00:00 1970

Blocks:

FS block 1769476 logged at sequence 213673, journal block 14966 (flags 0xa)

(inode block for inode 1760917):

Inode: 1760917 Type: bad type Mode: 0000 Flags: 0x0

Generation: 0 Version: 0x00000000

User: 0 Group: 0 Size: 0

File ACL: 0 Directory ACL: 0

Links: 0 Blockcount: 0

Fragment: Address: 0 Number: 0 Size: 0

ctime: 0x00000000 -- Thu Jan 1 08:00:00 1970

atime: 0x00000000 -- Thu Jan 1 08:00:00 1970

mtime: 0x00000000 -- Thu Jan 1 08:00:00 1970

Blocks:

FS block 1769476 logged at sequence 213674, journal block 14979 (flags 0x2)

(inode block for inode 1760917):

Inode: 1760917 Type: bad type Mode: 0000 Flags: 0x0

Generation: 0 Version: 0x00000000

User: 0 Group: 0 Size: 0

File ACL: 0 Directory ACL: 0

Links: 0 Blockcount: 0

Fragment: Address: 0 Number: 0 Size: 0

ctime: 0x00000000 -- Thu Jan 1 08:00:00 1970

atime: 0x00000000 -- Thu Jan 1 08:00:00 1970

mtime: 0x00000000 -- Thu Jan 1 08:00:00 1970

Blocks:

FS block 1769476 logged at sequence 213736, journal block 16114 (flags 0x2)

(inode block for inode 1760917):

Inode: 1760917 Type: regular Mode: 0644 Flags: 0x0

Generation: 1090083295 Version: 0x00000000

User: 0 Group: 0 Size: 10

File ACL: 0 Directory ACL: 0

Links: 1 Blockcount: 8

Fragment: Address: 0 Number: 0 Size: 0

ctime: 0x4cf51f96 -- Wed Dec 1 00:00:22 2010

atime: 0x4cf51f96 -- Wed Dec 1 00:00:22 2010

mtime: 0x4cf51f96 -- Wed Dec 1 00:00:22 2010

Blocks: (0+1): 1777664

From the information above, the file uses one block, numbered 1777664.

5. Recover the data with dd

debugfs: quit

[root@wdj data0]# dd if=/dev/sda3 of=/tmp/test.txt bs=4096 count=1 skip=1777664

1+0 records in

1+0 records out

4096 bytes (4.1 kB) copied, 0.0552693 seconds, 74.1 kB/s

Check whether the data file has been recovered

[root@wdj data0]# vim /tmp/test.txt

very good

^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@

^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@

As shown above, the data has been recovered. The "@" entries (displayed by vim as ^@) are NUL characters and can simply be deleted.
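The lookup in steps 4 and 5, as an added shell example that is not part of the original post: it parses saved `logdump -i` output, takes the newest journal copy of the inode that still lists data blocks, and copies exactly `Size` bytes so the NUL padding never reaches the output. It goes beyond the single-block case by handling several direct-block runs; the function names, the saved-dump file and the 4096-byte default block size (taken from the dd command above) are assumptions, and the image and dump text in `demo` are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Direct-block runs only.

# parse_logdump FILE: FILE holds saved `logdump -i <inode>` output. Prints
# "size logical count physical ..." for the newest journal copy of the inode
# that still lists data blocks; fails if there is none.
parse_logdump() {
    awk '
        $1 == "User:" { size = $NF }        # "User: 0 Group: 0 Size: 10"
        $1 == "Blocks:" && NF > 1 {
            if ($0 ~ /IND\)/) { best = ""; next }   # indirect blocks: not handled
            runs = ""
            for (i = 2; i < NF; i += 2) {   # token pairs "(0+1):" "1777664"
                split($i, lc, /[(+)]/)      # lc[2] = logical start, lc[3] = count
                runs = runs " " lc[2] " " lc[3] " " $(i + 1)
            }
            best = size runs
        }
        END { if (best == "") exit 1; print best }
    ' "$1"
}

# recover DEVICE LOGDUMP_FILE OUT [BLOCK_SIZE]: copy each run to its logical
# offset in OUT, then cut OUT to the Size recorded in the inode.
recover() {
    dev=$1 dump=$2 out=$3 bs=${4:-4096}
    meta=$(parse_logdump "$dump") || return 1
    set -- $meta                            # size, then run triples
    size=$1; shift
    : > "$out"
    while [ $# -ge 3 ]; do
        dd if="$dev" of="$out" bs="$bs" skip="$3" seek="$1" count="$2" \
            conv=notrunc 2>/dev/null || return 1
        shift 3
    done
    # dd with seek= and without notrunc truncates OUT there: drops the NUL slack.
    dd if=/dev/null of="$out" bs=1 seek="$size" 2>/dev/null
}

# demo: constructed 8-block image and constructed logdump text (block 5, Size 10).
demo() {
    d=$(mktemp -d) || return 1
    dd if=/dev/zero of="$d/img" bs=4096 count=8 2>/dev/null
    printf 'very good\n' | dd of="$d/img" bs=4096 seek=5 conv=notrunc 2>/dev/null
    printf '%s\n' 'Inode: 1 Type: bad type' 'User: 0 Group: 0 Size: 0' 'Blocks:' \
        'Inode: 1 Type: regular' 'User: 0 Group: 0 Size: 10' \
        'Fragment: Address: 0 Number: 0 Size: 0' 'Blocks: (0+1): 5' > "$d/dump"
    recover "$d/img" "$d/dump" "$d/out" && cat "$d/out" && rm -rf "$d"
}
```

On a real system the dump can be saved with `debugfs -R 'logdump -i <1760917>' /dev/sda3 > dump.txt`. Write the recovered file to a different filesystem than the one being recovered, as the post does with /tmp.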
This article comes from the "二号" blog; please contact the author before reposting.